Was this article helpful?
Hello Stanislas, I need help on decrypting https enrichment problem. The Scenario is an https virtual server terminating https to backend pool on http. We have clients sending https enriched requests to certificates terminated on F5. (the enrichment is embedded on a tls extensionvalue in CLIENT HELLO)
However, because the certificate loaded ON F5 uses standard "server hello" settings, the ssl handshake fails.
1.Is it possible to have the data on client hello included in request sent to backend server.
- Is there an irule that can be included on F5 that can be used to create tls extension values. ( i worked on an irule using CLIENTSSL_CLIENTHELLO but haven't gotten headway).
when CLIENTSSL_CLIENTHELLO { set my_ext "Hello world!" set my_ext_type 17516 SSL::extensions insert [binary format S1S1a* $my_ext_type [string length $my_ext] $my_ext] }
Looking forward to hearing from you.